My entry on Spybot is red!!! While everything else is red, yellow and blue. OK, I was not able to find the file WINDIR but found the SMINST file. Right-clicking on it, the General tab reads as follows: Type: blank, Location: C:\Windows, Size: 25.1 (26,329,942 bytes), Size on disc: 25.2 (26,476,544 bytes), Contains: 119 files & 7 folders, Created: Sunday, Dec 17, 2006. I was able to deny %windir%\sminst\launcher.exe, but there was something called system safeboot: change: value deleted, entry: option, that's it. You can only allow this.
post:
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-08-05 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-07-22 Includes\Adware.sbi
2008-07-15 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-07-29 Includes\DialerC.sbi
2008-07-22 Includes\HeavyDuty.sbi
2008-07-10 Includes\Hijackers.sbi
2008-07-08 Includes\HijackersC.sbi
2008-07-29 Includes\Keyloggers.sbi
2008-07-29 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-07-23 Includes\Malware.sbi
2008-07-29 Includes\MalwareC.sbi
2008-07-23 Includes\PUPS.sbi
2008-07-29 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-07-29 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-07-22 Includes\Spyware.sbi
2008-07-29 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-07-30 Includes\Trojans.sbi
2008-07-29 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\VCU3DcheckApp.exe
Filename: C:\Program Files\Roxio\Roxio MyDVD Basic v9\VideoCore 9\VCU3DcheckApp.exe
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Users\ADMINI~1\AppData\Local\Temp\SIAssetExt.exe
Filename: C:\Users\ADMINI~1\AppData\Local\Temp\SIAssetExt.exe
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll
Filename: C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\system32\pxcpya64.exe
Filename: C:\Windows\system32\pxcpya64.exe
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\system32\pxcpyi64.exe
Filename: C:\Windows\system32\pxcpyi64.exe
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\system32\pxinsa64.exe
Filename: C:\Windows\system32\pxinsa64.exe
Data:
Category: Missing shared DLL
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Windows\system32\pxinsi64.exe
Filename: C:\Windows\system32\pxinsi64.exe
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe
Filename: cmmgr32.exe
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\fsquirt.exe
Filename: fsquirt.exe
Data:
Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help\IMTCEN.CHM
Filename: IMTCEN.CHM
Data:
Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help\IMTCTC.CHM
Filename: IMTCTC.CHM
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\install.exe
Filename: install.exe
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\migwiz.exe
Filename: migwiz.exe
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe
Filename: MsoHtmEd.exe
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe
Filename: setup.exe
Data:
Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\table30.exe
Filename: table30.exe
Data:
Scan Stats:
Scan Time: 1459
Scan Options:
Scan Targets: C:, D:
Counts:
Total items scanned: 216642
- Files & Directories: 216642
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Potential Unknown Threats: 0
- Other: 0
Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0
Resolved Threats:
Unresolved Threats:
You have numerous missing shared DLLs, which is not a good thing.
I'm not sure what you did with Spybot, but please restart your computer; if you are given the option, DO NOT deny %windir%\sminst\launcher.exe.
Do not run any other scans - just do a restart and report back.
So just restart the computer and allow the windir to the system?
Yes.
If you checked out one of my previous posts, the Spybot Forums suggest that this may be part of the HP system. I don't want to see you randomly discarding files just because they are deemed "unknown".
What does the Full Scan with NIS 2008 tell you?
Norton does it find cookies, so I know this system has been compromised or something.
Scan Stats:
Scan Time: 1459
Scan Options:
Scan Targets: C:, D:
Counts:
Total items scanned: 216642
- Files & Directories: 216642
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Potential Unknown Threats: 0
- Other: 0
Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0
Resolved Threats:
Unresolved Threats:
By the way, when I restarted the system I did not get any alerts from Spybot asking me to accept or deny anything. This is normally what happens: once a program is downloaded, it's usually corrupt after first use. I ran a scan from SDFix and it told me I had a hidden scan:
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 19:44:56
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f28628]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641f28628]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
May this explain what is wrong? Don't know!!
Also now my Norton is saying "FIX NOW" but I can't, no matter what I do? It is stating it needs to be configured? This is crazy to me! It took me back to the page where you put in your product key and I did that, but it told me the key was invalid? I am not sure what's going on here? But it sounds fishy to me!!!
Cookies are not necessarily a problem; depending upon the type, they are a normal part of surfing the web. However with your issues, I would delete all cookies for now.
"catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer" is part of the SDFix program.
Now you mention you are running SDFix - how many anti-spyware programs do you have running?
At this point they may each be detecting portions of each other's programs and reporting them as questionable. With all of these programs running you may be setting up a conflict with Norton.
Try this: Uninstall Avira and ALL anti-spyware programs, but leave Norton in place. Restart and then see if your NIS 2008 will work.
I just removed Avira and the other spyware programs. Now just running NIS 2008. Ran in safe mode and normal, finding nothing. But I noticed there were some exceptions on the exception list: \system volume information, *.dbx, *.nch. Also the system is going haywire: when I sign in after start up, the screen goes completely black before getting to the desktop, or I even get this a lot too: "PLEASE WAIT" or "CONFIGURING UPDATES" when no updates have been downloaded. Did you notice the hidden files on the scan?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:06 PM, on 8/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.my.att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.my.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.my.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.my.att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6389 bytes
Sorry, can't remember if I submitted my Hi-Jack This report or not for view?
I am not well versed in reading Hijack This logs. They are better directed to their forums. That is why we have previously asked that you do not post them here.
However, after a brief review of your log, I do not see any glaring issues - but I am no expert. The items in red text appear to be related to HP, Microsoft and ATT (your ISP provider?).
Since so much cleaning and file deletion has occurred on your computer, let's try this final step.
Run a Check Disk on your main hard drive. This will check the drive for errors, bad sectors and can sometimes repair file errors. Please be advised that running Check Disk with both options selected can take hours and should not be disturbed whilst running.
Please check out the tutorial HERE to learn how to run Check Disk in Vista. Follow only the top portion of the tutorial which shows you how to use it with the Windows interface; be sure to check both boxes and you will have to restart for it to run. It should automatically run after you restart with no further input from you - you do not have to try to run it from a command prompt as noted in the second portion. It will run on a plain screen - do not be alarmed, this is normal and is not a BSOD.
I have run the disk check. Please instruct me on how to get that report.
Here is a link on how to get to event viewer in Vista. You should probably look for an event called winlogon corresponding to the time you ran Check Disk. You do not have to post the log.
However, the important question is does your computer run any better now that you have run Check Disk?
I am just curious. I was reviewing the recent history in NIS2008 and noticed that I have several errors, warnings or whatever they are:
bloodhound.Packed.PH1 STATUS: statistical submission
Launcher.exe has made 7 changes to Windows start up and is making changes to the registry as well. Same program C:\windowsa\sminst\launcher.exe STATUS: DETECTED. Now from what I researched, bloodhounds are not good and this launcher is something that has control over the system if it is making changes.
I think the bloodhound aspect in the Norton detection means that it "appears" to have some qualities of a known threat. Not necessarily confirmed. I think there is a greater likelihood of a false positive from this. I don't mind the false positive.
What about the launcher.exe that is constantly making changes, is that normal too? When I start up my system and log on, it goes completely to a pitch black screen. I then Ctrl+Alt+Del to see what's going on and launcher is in the task list but quickly disappears.
Hi. I think I read on here before about the use of bloodhound and how it plays a role in Norton detection. I have seen this in my Norton Community Watch entries and have been told that it's detecting something that appears to have some qualities similar to known malware. It's like a preventative thing.
I have also noticed that some programs I have, legit, will show that it made changes to my registry when my computer is restarted.
Word of CAUTION - don't always let what you find when you google something be the definitive answer. Once I googled au_.exe (or it might have been _au.exe), and all I found was spyware scare stuff. Turns out that it had to do with when you remove Adobe Flash Player from your system.
Not meaning that there weren't bad versions out there. But the point being is that some sites claiming to ID bad stuff indicate everything is bad stuff. That's what I like here. There is good honest feedback and not trying to sell programs.
Yes, the %windir% is making changes to my system. That's not a good thing. 7 changes today.
getridofspyware,
If you have faithfully followed the instructions put forth by me and others on this forum, then unfortunately I have run out of suggestions. Those procedures have always worked for me when cleaning infected computers.
Your post was started on July 16 which means you have been trying to correct the problem for 23 days. I think you need to pursue a different approach to resolve your matter. You could contact Norton help and support to see if they can resolve your issue; of course there will probably be a charge for this, but it may be worth it.
On the other hand, at this point there appear to be numerous issues with your computer and you may have to carefully consider reformatting (reinstalling Windows). This will completely erase ALL information on your hard drive, so you must decide if this is right for you. Repeat, this will ERASE EVERYTHING on your system.
If you go this route, be sure to copy all of your documents, email, photos, music, etc onto an external hard drive or on line storage as these items will all be erased. Do not use a back up utility as that may save your "settings" which are probably corrupted.
I would also highly suggest that you go to the HP support site and get instructions for reformatting specific to your computer model. Be sure you completely understand the procedure before you start. You must have all reinstall / recovery discs which were supplied to you by HP along with your Windows Product Key number. Save any other program keys that you may have.
When you start the reinstall, unplug from the internet. When Vista has completed installation, be sure the Windows Firewall is ON, reconnect to the internet and then go to Windows update and get all required updates including Service Pack 1. At some point during this procedure, the HP support site will have recommended installing your drivers. Be sure to do that. Then you can reinstall NIS 2008. Before Norton is reinstalled, Windows will give you all kinds of warnings that you have no antivirus protection. That will go away after you install NIS 2008.
BEFORE you bring your saved documents, etc. back onto a newly formatted computer, run a full NIS 2008 scan of them to be sure none of your saved items are infected.
One last piece of advice: I would not install Avira. Let me explain where I am going with this.
From the start, I was dubious about Avira and its findings. If you copy and paste either of the entire paths, C:/HP/HPQWARE/BTBHOST/SETACL.exe or C:/HPBIN/KILLIT.exe and perform a Google search, you will find a few forums that indicate that Avira is the only program defining these items as questionable. On at least one of the sites, it is stated that they are part of the HP system. No other program defines them as malicious. Example1, Example 2.
It is clear that you have some type of infection or malware, but I don't think letting Avira quarantine and subsequently delete these entries was the answer; in fact it may have made things worse, evident by the BSOD you had earlier. In the future, be wary of what some third party programs want to delete - research before deleting what may actually be false positives.
Consider your options carefully and keep in touch.